The Center for Information Technology Leadership (CITL) conducted a study on the value of personal health records (PHRs), and determined the United States could save $21 billion each year at the national level. The study assumes a ten year role-out and 80% nationwide usage. CITL presented their findings at the American Informatics Association annual symposium in Washington, DC.

The study explored four PHR architectures: provider-tethered, payer-tethered, third party, and interoperable PHR systems. The architectures support information collection and sharing with authorized parties, information for self-management, and health information exchange. CITL finds the greatest benefits would come from deploying interoperable PHRs to 80% of the US population.

Provider-tethered PHRs are supplied and managed by the patient’s physician. This type of PHR is tied into the provider’s medical record database. Payer-tethered PHRs are managed by insurance companies and connected to their administrative databases. Third-party PHRs aggregate healthcare data for users via manual data exchange. Interoperable PHRs use regional aggregation of patient’s data via standards-based automated data exchange.

Regardless of the architecture, “PHRs have the potential to dramatically improve efficiencies in our healthcare system,” according to Dr. Blackford Middleton, Chairman of CITL. Their research also finds that the “benefits and annual savings far outweigh the costs” of implementing PHRs. Finally, CITL states that benefits from PHRs could accrue to both payers and providers.

XLEMR is developing a PHR based on their electronic medical record paired with the Walletex USB flash drive. XLEMR offers a custom system based on Microsoft Office, allowing easy data storage on USB devices. The Walletex flash drive is a slender USB drive the size of a credit card that fits in one’s wallet.

According to a recent survey conducted by the Physicians’ Foundation, many primary care providers in the U.S. feel overworked and plan to cut back on the amount of patients they see or quit practicing entirely. In addition, 60 percent of those polled state they would not recommend medicine as a career choice. “The whole… process has just become too burdensome,” according to one of the doctors surveyed.

Paperwork is one of the contributing factors. 90 percent say non-clinical paperwork has increased over the last three years. The vast majority was unsatisfied with their job, and they were considering moving to part time, changing jobs, or retiring.

Electronic medical records (EMRs) can provide the solution. Instead of cutting back at the office, healthcare providers should learn to work smarter, not harder. EMRs can help reduce operating expenses by eliminating the costs associated with managing paper, such as time spent scanning, faxing, and searching for misfiled paper charts.

EMRs can also increase revenue. A good EMR will improve documentation and support higher coding. Higher coding allows providers to collect for work they already do, but were not previously able to document. In addition, EMRs can help you reduce billing errors, through reduced data entry and tracking your payments.

Many physicians are feeling the pinch due to the lackluster economy. Cutting back on patients may not be a feasible option. Instead, adopting an EMR can help doctors and other providers work less hours while increasing their revenue.

Mary Washington Hospital in Fredericksburg, Virginia has a convenient online registration system for expectant mothers. Unfortunately, a security glitch on the site exposed the private medical information of 803 patients. The records contained social security numbers, phone numbers, and birth dates.

The breach was discovered when “Mike,” the husband of an expectant mother experienced some problems with the hospital’s website. Mike discovered the records by deleting part of the long URL in his browser window. He was attempting to fix a “certificate revoked” error message that hampered his registration.

Mike viewed a couple of records and notified the record holders that their information was available on the web. One of them contacted a local sheriff, who reported the problem to the hospital. A hospital spokeswoman described the breach as a “one-time incident,” and reported that Mike was the only person to person to see the records.

This incident points out the risks associated with web-based systems. Although convenient, a simple administrative error can create a serious vulnerability. Mary Washington’s system had at least two serious vulnerabilities. The first problem was a revoked SSL encryption certificate. The certificate helps the website encrypt sessions to verify user identity and protect data.

The second problem involved file and directory permissions. In this case, an administrator allowed “directory browsing,” which means anyone can view the contents of a website directory, even though the information isn’t displayed on a web page. Mike unwittingly stumbled onto a well-known hacking procedure. By deleting parts of the website’s URL, he was able to direct his web browser to view the directory containing patient records. If the website was configured properly, he should have received a “Forbidden” error, stating that he does not have permission to access the directory.

Although web-based information systems can be useful, organizations run a significant risk if they deploy mismanaged systems. The devil is in the details, and more complex systems run a greater risk of configuration errors. System administrators should be proactive, and test their systems for any vulnerabilities that could expose protected information.